Re: EAP-TLS cert

A.L.M.Buxey@lboro.ac.uk · Fri, 16 May 2008 09:17:57 +0100

Hi,

>  I've installed FreeRadius-2.0.4 and run fine.
>  Here a few thing I had editted.
>  
>  Clients.conf
>  client 192.168.0.0/24 {
>      secret        = testing123-1
>      shortname    = private-network-1
> }
>  
>  eap {
>          default_eap_type    = tls
>  }
>  ....
>  
>  tls {
>      fragment_size    =1024
>          include_lenght    = yes
>  }
>  
>  users
>  MarsindNet    Cleartext_Password    := "hello"
>                       Reply-Message = "Hello, %{User-Name}"
>  
>  Now..I want to test connecting with Windows XP but I could not find
>  root.der or cert-clt.p12 like previous version has.

when you installed FR 2.0.x, if you did not supply your own certs, then the
first thing it would have done upon running is create its own new ones. they'll
be in $RADDB/certs - see the documentation for the files to use.  if you
DID let FR generate them, they'll be snakeoil dummy certs that only last 30 days.
so you'll need to read the Makefile in the certs directory edit client.cnf and server.cnf
appopriately and remake them(!)

alan